<?php

include('sqlconnect.php');

if ($_POST) {
    //get the posted values
    $username = $_POST['username'];
    $password = $_POST['password'];
	
	$username = htmlspecialchars($username);
	$password = htmlspecialchars($password);
	
	$password = md5($password);

//now validating the username and password
    $sql = "SELECT username, password, type FROM users WHERE username='" . $username . "'";
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result);

//if username exists
    if (mysql_num_rows($result) > 0) {
        //compare the password
        if (strcmp($row['password'], $password) == 0) {
			echo '0';
			session_start();
			$_SESSION['login'] = "1";
            $_SESSION['username'] = $username;
			$_SESSION['type'] = $row['type'];
			header("Location: {$_SERVER['PHP_SELF']}");
            //$expire = time() + 60 * 60 * 24 * 30;
            //setcookie("user", $username, $expire);
            
        }
        else {
			session_start();
			$_SESSION['login'] = "";
			$_SESSION['username'] = "";
            echo '1';
		}
    }
    else {
		session_start();
		$_SESSION['login'] = "";
		$_SESSION['username'] = "";
        echo '2'; //Invalid Login
	}
}
?>